From adee27d7aa11a9b0f715ed8413adaa00a7f71a05 Mon Sep 17 00:00:00 2001
From: Yang Wang
Date: Fri, 4 Dec 2020 13:30:13 +1100
Subject: [PATCH 1/3] Fix usage reports
---
 docs/reference/rest-api/info.asciidoc | 4 --
 .../core/action/XPackInfoFeatureAction.java | 3 +-
 .../security/SecurityFeatureSetUsage.java | 12 ++++-
 .../xpack/security/operator/Constants.java | 1 -
 .../operator/OperatorPrivilegesIT.java | 6 +--
 .../xpack/security/Security.java | 7 +--
 .../SecurityUsageTransportAction.java | 7 ++-
 ...OperatorPrivilegesInfoTransportAction.java | 47 -------------------
 .../SecurityInfoTransportActionTests.java | 12 +++++
 9 files changed, 35 insertions(+), 64 deletions(-)
 delete mode 100644 x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/operator/OperatorPrivilegesInfoTransportAction.java
diff --git a/docs/reference/rest-api/info.asciidoc b/docs/reference/rest-api/info.asciidoc
index ff0abac56d0bb..5f4176b44069c 100644
--- a/docs/reference/rest-api/info.asciidoc
+++ b/docs/reference/rest-api/info.asciidoc
@@ -103,10 +103,6 @@ Example response:
 "available" : true,
 "enabled" : true
 },
- "operator_privileges": {
- "available": true,
- "enabled": false
- },
 "rollup": {
 "available": true,
 "enabled": true
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/action/XPackInfoFeatureAction.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/action/XPackInfoFeatureAction.java
index 493d991428a7f..08bfe678bb910 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/action/XPackInfoFeatureAction.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/action/XPackInfoFeatureAction.java
@@ -47,7 +47,6 @@ public class XPackInfoFeatureAction extends ActionType public static final XPackInfoFeatureAction DATA_STREAMS = new XPackInfoFeatureAction(XPackField.DATA_STREAMS); public static final XPackInfoFeatureAction DATA_TIERS = new XPackInfoFeatureAction(XPackField.DATA_TIERS); public static final XPackInfoFeatureAction AGGREGATE_METRIC = new XPackInfoFeatureAction(XPackField.AGGREGATE_METRIC); - public static final XPackInfoFeatureAction OPERATOR_PRIVILEGES = new XPackInfoFeatureAction(XPackField.OPERATOR_PRIVILEGES); public static final List ALL; static { @@ -55,7 +54,7 @@ public class XPackInfoFeatureAction extends ActionType actions.addAll(Arrays.asList( SECURITY, MONITORING, WATCHER, GRAPH, MACHINE_LEARNING, LOGSTASH, EQL, SQL, ROLLUP, INDEX_LIFECYCLE, SNAPSHOT_LIFECYCLE, CCR, TRANSFORM, VECTORS, VOTING_ONLY, FROZEN_INDICES, SPATIAL, ANALYTICS, ENRICH, DATA_STREAMS, SEARCHABLE_SNAPSHOTS, DATA_TIERS, - AGGREGATE_METRIC, OPERATOR_PRIVILEGES + AGGREGATE_METRIC )); ALL = Collections.unmodifiableList(actions); } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java index 2f8f22fe030f6..8650f3e6eefff 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java @@ -28,6 +28,7 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage { private static final String IP_FILTER_XFIELD = "ipfilter"; private static final String ANONYMOUS_XFIELD = "anonymous"; private static final String FIPS_140_XFIELD = "fips_140"; + private static final String OPERATOR_PRIVILEGES_XFIELD = XPackField.OPERATOR_PRIVILEGES; private Map realmsUsage; private Map rolesStoreUsage; 
@@ -39,6 +40,7 @@ public class SecurityFeatureSetUsage extends XPackFeatureSet.Usage { private Map anonymousUsage; private Map roleMappingStoreUsage; private Map fips140Usage; + private Map operatorPrivilegesUsage; public SecurityFeatureSetUsage(StreamInput in) throws IOException { super(in); @@ -56,6 +58,9 @@ public SecurityFeatureSetUsage(StreamInput in) throws IOException { if (in.getVersion().onOrAfter(Version.V_7_5_0)) { fips140Usage = in.readMap(); } + if (in.getVersion().onOrAfter(Version.V_7_11_0)) { + operatorPrivilegesUsage = in.readMap(); + } } public SecurityFeatureSetUsage(boolean available, boolean enabled, Map realmsUsage, @@ -63,7 +68,7 @@ public SecurityFeatureSetUsage(boolean available, boolean enabled, Map sslUsage, Map auditUsage, Map ipFilterUsage, Map anonymousUsage, Map tokenServiceUsage, Map apiKeyServiceUsage, - Map fips140Usage) { + Map fips140Usage, Map operatorPrivilegesUsage) { super(XPackField.SECURITY, available, enabled); this.realmsUsage = realmsUsage; this.rolesStoreUsage = rolesStoreUsage; @@ -75,6 +80,7 @@ public SecurityFeatureSetUsage(boolean available, boolean enabled, Map response = entityAsMap(client().performRequest(xpackRequest)); - final Map features = (Map) response.get("features"); + final Map features = (Map) response.get("security"); final Map operatorPrivileges = (Map) features.get("operator_privileges"); assertTrue((boolean) operatorPrivileges.get("available")); assertTrue((boolean) operatorPrivileges.get("enabled")); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java index 8a6fbdfc58b08..d496756e19ee4 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java 
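Review bot: In the `SecurityFeatureSetUsage(StreamInput in)` hunk, `operatorPrivilegesUsage` stays null whenever the sending node is older than `Version.V_7_11_0`, and nothing in the visible lines gives it a default. The code that renders the field is not readable on this page, so it is worth confirming that a null map is handled there, or defaulting it on read with `else { operatorPrivilegesUsage = Map.of(); }`. The read gate must also stay identical to the one in `writeTo`; PATCH 2/3 and 3/3 on this page change both constants together. A short comment beside each gate naming its counterpart, such as `// keep in sync with the version check in writeTo`, would help keep them in step.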
@@ -218,7 +218,6 @@ import org.elasticsearch.xpack.security.operator.OperatorPrivileges; import org.elasticsearch.xpack.security.operator.OperatorPrivileges.OperatorPrivilegesService; import org.elasticsearch.xpack.security.operator.FileOperatorUsersStore; -import org.elasticsearch.xpack.security.operator.OperatorPrivilegesInfoTransportAction; import org.elasticsearch.xpack.security.rest.SecurityRestFilter; import org.elasticsearch.xpack.security.rest.action.RestAuthenticateAction; import org.elasticsearch.xpack.security.rest.action.apikey.RestClearApiKeyCacheAction; @@ -771,9 +770,8 @@ public void onIndexModule(IndexModule module) { public List> getActions() { var usageAction = new ActionHandler<>(XPackUsageFeatureAction.SECURITY, SecurityUsageTransportAction.class); var infoAction = new ActionHandler<>(XPackInfoFeatureAction.SECURITY, SecurityInfoTransportAction.class); - var opInfoAction = new ActionHandler<>(XPackInfoFeatureAction.OPERATOR_PRIVILEGES, OperatorPrivilegesInfoTransportAction.class); if (enabled == false) { - return Arrays.asList(usageAction, infoAction, opInfoAction); + return Arrays.asList(usageAction, infoAction); } return Arrays.asList( new ActionHandler<>(ClearRealmCacheAction.INSTANCE, TransportClearRealmCacheAction.class), @@ -818,8 +816,7 @@ public void onIndexModule(IndexModule module) { new ActionHandler<>(GetApiKeyAction.INSTANCE, TransportGetApiKeyAction.class), new ActionHandler<>(DelegatePkiAuthenticationAction.INSTANCE, TransportDelegatePkiAuthenticationAction.class), usageAction, - infoAction, - opInfoAction); + infoAction); } @Override diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityUsageTransportAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityUsageTransportAction.java index 760107c51bea8..a1f2e046ce1b3 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityUsageTransportAction.java 
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/SecurityUsageTransportAction.java @@ -29,6 +29,7 @@ import org.elasticsearch.xpack.security.authc.Realms; import org.elasticsearch.xpack.security.authc.support.mapper.NativeRoleMappingStore; import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore; +import org.elasticsearch.xpack.security.operator.OperatorPrivileges; import org.elasticsearch.xpack.security.transport.filter.IPFilter; import java.util.Arrays; @@ -77,6 +78,10 @@ protected void masterOperation(Task task, XPackUsageRequest request, ClusterStat Map ipFilterUsage = ipFilterUsage(ipFilter); Map anonymousUsage = singletonMap("enabled", AnonymousUser.isAnonymousEnabled(settings)); Map fips140Usage = fips140Usage(settings); + Map operatorPrivilegesUsage = Map.of( + "available", licenseState.isAllowed(XPackLicenseState.Feature.OPERATOR_PRIVILEGES), + "enabled", OperatorPrivileges.OPERATOR_PRIVILEGES_ENABLED.get(settings) + ); final AtomicReference> rolesUsageRef = new AtomicReference<>(); final AtomicReference> roleMappingUsageRef = new AtomicReference<>(); @@ -88,7 +93,7 @@ protected void masterOperation(Task task, XPackUsageRequest request, ClusterStat if (countDown.countDown()) { var usage = new SecurityFeatureSetUsage(licenseState.isAllowed(XPackLicenseState.Feature.SECURITY), enabled, realmsUsageRef.get(), rolesUsageRef.get(), roleMappingUsageRef.get(), sslUsage, auditUsage, - ipFilterUsage, anonymousUsage, tokenServiceUsage, apiKeyServiceUsage, fips140Usage); + ipFilterUsage, anonymousUsage, tokenServiceUsage, apiKeyServiceUsage, fips140Usage, operatorPrivilegesUsage); listener.onResponse(new XPackUsageFeatureResponse(usage)); } }; 
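Review bot: The `operatorPrivilegesUsage` map added in `masterOperation` takes `"enabled"` straight from `OperatorPrivileges.OPERATOR_PRIVILEGES_ENABLED.get(settings)`, independent of the license check behind `"available"`, so the response can report `enabled: true` alongside `available: false`. Someone reading the usage output to confirm that operator-only restrictions are in force could be misled if enforcement also depends on the license, which this hunk does not show. A comment above the map would make the contract explicit, for example `// "enabled" is the configured setting only; treat the feature as active only when "available" is also true`. `masterOperation` starts and ends outside the hunk.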
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/operator/OperatorPrivilegesInfoTransportAction.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/operator/OperatorPrivilegesInfoTransportAction.java deleted file mode 100644 index 013787c4d8066..0000000000000 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/operator/OperatorPrivilegesInfoTransportAction.java +++ /dev/null 
@@ -1,47 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -package org.elasticsearch.xpack.security.operator; - -import org.elasticsearch.action.support.ActionFilters; -import org.elasticsearch.common.inject.Inject; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.license.XPackLicenseState; -import org.elasticsearch.transport.TransportService; -import org.elasticsearch.xpack.core.XPackField; -import org.elasticsearch.xpack.core.action.XPackInfoFeatureAction; -import org.elasticsearch.xpack.core.action.XPackInfoFeatureTransportAction; - -import static org.elasticsearch.xpack.security.operator.OperatorPrivileges.OPERATOR_PRIVILEGES_ENABLED; - -public class OperatorPrivilegesInfoTransportAction extends XPackInfoFeatureTransportAction { - - private final XPackLicenseState licenseState; - private final boolean enabled; - - @Inject - public OperatorPrivilegesInfoTransportAction(TransportService transportService, ActionFilters actionFilters, - Settings settings, XPackLicenseState licenseState) { - super(XPackInfoFeatureAction.OPERATOR_PRIVILEGES.name(), transportService, actionFilters); - this.licenseState = licenseState; - enabled = OPERATOR_PRIVILEGES_ENABLED.get(settings); - } - - @Override - protected String name() { - return XPackField.OPERATOR_PRIVILEGES; - } - - @Override - protected boolean available() { - return licenseState.isAllowed(XPackLicenseState.Feature.OPERATOR_PRIVILEGES); - } - - @Override - protected boolean enabled() { - return enabled; - } -} diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityInfoTransportActionTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityInfoTransportActionTests.java index 160163dfa5661..f373f53152717 100644 
--- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityInfoTransportActionTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityInfoTransportActionTests.java @@ -94,8 +94,10 @@ public void testUsage() throws Exception { final boolean authcAuthzAvailable = randomBoolean(); final boolean explicitlyDisabled = randomBoolean(); final boolean enabled = explicitlyDisabled == false && randomBoolean(); + final boolean operatorPrivilegesAvailable = randomBoolean(); when(licenseState.isAllowed(XPackLicenseState.Feature.SECURITY)).thenReturn(authcAuthzAvailable); when(licenseState.isSecurityEnabled()).thenReturn(enabled); + when(licenseState.isAllowed(XPackLicenseState.Feature.OPERATOR_PRIVILEGES)).thenReturn(operatorPrivilegesAvailable); Settings.Builder settings = Settings.builder().put(this.settings); @@ -160,6 +162,10 @@ public void testUsage() throws Exception { if (fips140Enabled) { settings.put("xpack.security.fips_mode.enabled", true); } + final boolean operatorPrivilegesEnabled = randomBoolean(); + if (operatorPrivilegesEnabled) { + settings.put("xpack.security.operator_privileges.enabled", true); + } var usageAction = newUsageAction(settings.build()); PlainActionFuture future = new PlainActionFuture<>(); @@ -229,6 +235,10 @@ public void testUsage() throws Exception { // FIPS 140 assertThat(source.getValue("fips_140.enabled"), is(fips140Enabled)); + + // operator privileges + assertThat(source.getValue("operator_privileges.available"), is(operatorPrivilegesAvailable)); + assertThat(source.getValue("operator_privileges.enabled"), is(operatorPrivilegesEnabled)); } else { if (explicitlyDisabled) { assertThat(source.getValue("ssl"), is(nullValue())); 
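Review bot: The assertions added to `testUsage` check only the rendered `operator_privileges.available` and `operator_privileges.enabled` values; nothing in these hunks exercises the version-gated stream read and write of the new field in `SecurityFeatureSetUsage`. That gate is changed twice in the follow-up patches on this page, so a wire round-trip test would be a cheap guard: serialize a usage object at a version before `Version.V_7_11_0` and at the current version, then assert the field is absent or present accordingly. It would also be worth a one-line comment at `final boolean operatorPrivilegesEnabled = randomBoolean();` noting that the false case relies on the setting's default rather than an explicit `false`. `testUsage` extends beyond the hunks shown.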
@@ -243,6 +253,7 @@ public void testUsage() throws Exception { assertThat(source.getValue("anonymous"), is(nullValue())); assertThat(source.getValue("ipfilter"), is(nullValue())); assertThat(source.getValue("roles"), is(nullValue())); + assertThat(source.getValue("operator_privileges"), is(nullValue())); } } } @@ -296,6 +307,7 @@ public void testUsageOnTrialLicenseWithSecurityDisabledByDefault() throws Except assertThat(source.getValue("anonymous"), is(nullValue())); assertThat(source.getValue("ipfilter"), is(nullValue())); assertThat(source.getValue("roles"), is(nullValue())); + assertThat(source.getValue("operator_privileges"), is(nullValue())); } } From e2d983ee9b3d008c3e228dcabd118a753aa5014f Mon Sep 17 00:00:00 2001 From: Yang Wang Date: Fri, 4 Dec 2020 14:41:43 +1100 Subject: [PATCH 2/3] fix bwc test --- .../xpack/core/security/SecurityFeatureSetUsage.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java index 8650f3e6eefff..39bc414821c7a 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java @@ -58,7 +58,7 @@ public SecurityFeatureSetUsage(StreamInput in) throws IOException { if (in.getVersion().onOrAfter(Version.V_7_5_0)) { fips140Usage = in.readMap(); } - if (in.getVersion().onOrAfter(Version.V_7_11_0)) { + if (in.getVersion().onOrAfter(Version.V_8_0_0)) { operatorPrivilegesUsage = in.readMap(); } } 
@@ -105,7 +105,7 @@ public void writeTo(StreamOutput out) throws IOException {
 if (out.getVersion().onOrAfter(Version.V_7_5_0)) {
 out.writeMap(fips140Usage);
 }
- if (out.getVersion().onOrAfter(Version.V_7_11_0)) {
+ if (out.getVersion().onOrAfter(Version.V_8_0_0)) {
 out.writeMap(operatorPrivilegesUsage);
 }
 }
From 5f0f2234329ae32422bb156638c78c0368dc1fa9 Mon Sep 17 00:00:00 2001
From: Yang Wang
Date: Fri, 4 Dec 2020 16:32:46 +1100
Subject: [PATCH 3/3] bwc version change
---
 .../xpack/core/security/SecurityFeatureSetUsage.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java
index 39bc414821c7a..8650f3e6eefff 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java
@@ -58,7 +58,7 @@ public SecurityFeatureSetUsage(StreamInput in) throws IOException {
 if (in.getVersion().onOrAfter(Version.V_7_5_0)) {
 fips140Usage = in.readMap();
 }
- if (in.getVersion().onOrAfter(Version.V_8_0_0)) {
+ if (in.getVersion().onOrAfter(Version.V_7_11_0)) {
 operatorPrivilegesUsage = in.readMap();
 }
 }
@@ -105,7 +105,7 @@ public void writeTo(StreamOutput out) throws IOException {
 if (out.getVersion().onOrAfter(Version.V_7_5_0)) {
 out.writeMap(fips140Usage);
 }
- if (out.getVersion().onOrAfter(Version.V_8_0_0)) {
+ if (out.getVersion().onOrAfter(Version.V_7_11_0)) {
 out.writeMap(operatorPrivilegesUsage);
 }
 }